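/*
 * Copyright (C) 2018 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License
 */

package com.android.server.uri;

import android.annotation.NonNull;
import android.annotation.Nullable;
import android.content.Intent;
import android.content.pm.ActivityInfo.RequiredContentUriPermission;
import android.content.pm.ProviderInfo;
import android.net.Uri;
import android.os.IBinder;
import android.os.UserHandle;

import java.io.PrintWriter;

/**
 * Uri Grants local system service interface.
 *
 * <p>Several methods take a {@code callingUid} (or {@code uid}) argument. Nothing in this
 * interface shows where that value is validated, so treat it as an identity the caller of
 * this interface vouches for: it should come from the verified Binder caller, never from
 * data supplied by the app being checked. NOTE(review): confirm against the implementation.
 *
 * @hide Only for use within system server
 */
public interface UriGrantsManagerInternal {
    /**
     * Lifecycle hook. NOTE(review): presumably invoked once the system is ready; the trigger
     * is not visible from this interface.
     */
    void onSystemReady();

    /**
     * Removes {@code perm} when it is no longer needed. NOTE(review): the condition that
     * makes a permission removable is defined by the implementation, not shown here.
     */
    void removeUriPermissionIfNeeded(UriPermission perm);

    /**
     * Revokes the given access modes on {@code grantUri}.
     *
     * <p>NOTE(review): how {@code targetPackage} narrows the revocation, whether it may be
     * {@code null}, and what checks are applied to {@code callingUid} are not documented
     * here; confirm before relying on this from a new call site.
     *
     * @param targetPackage package associated with the revocation
     * @param callingUid uid on whose behalf the revocation is performed
     * @param grantUri the URI whose grants are revoked
     * @param modeFlags access modes to revoke
     */
    void revokeUriPermission(String targetPackage, int callingUid,
            GrantUri grantUri, int modeFlags);

    /**
     * Check if the uid has permission to the URI in grantUri.
     *
     * @param isFullAccessForContentUri If true, the URI has to be a content URI
     *                                  and the method will consider full access.
     *                                  Otherwise, the method will only consider
     *                                  URI grants.
     * @return {@code true} if {@code uid} has the requested permission to the URI
     */
    boolean checkUriPermission(GrantUri grantUri, int uid, int modeFlags,
            boolean isFullAccessForContentUri);

    /**
     * Checks whether {@code callingUid} may grant {@code modeFlags} access on {@code uri} to
     * {@code targetPkg}.
     *
     * <p>NOTE(review): the meaning of the returned {@code int} and the failure behaviour
     * (return value versus {@link SecurityException}) are not documented on this interface;
     * callers must not treat an arbitrary non-zero or non-negative value as "allowed"
     * without checking the implementation's contract.
     */
    int checkGrantUriPermission(
            int callingUid, String targetPkg, Uri uri, int modeFlags, int userId);

    /**
     * Calculate the set of permission grants that would be needed to extend
     * access for the given {@link Intent} to the given target package.
     *
     * @throws SecurityException if the caller doesn't have permission to the
     *             {@link Intent} data, or if the underlying provider doesn't
     *             allow permissions to be granted.
     */
    NeededUriGrants checkGrantUriPermissionFromIntent(Intent intent, int callingUid,
            String targetPkg, int targetUserId);

    /**
     * Same as {@link #checkGrantUriPermissionFromIntent(Intent, int, String, int)}, but with an
     * extra parameter {@code requireContentUriPermissionFromCaller}, which is the value from {@link
     * android.R.attr#requireContentUriPermissionFromCaller} attribute.
     */
    NeededUriGrants checkGrantUriPermissionFromIntent(Intent intent, int callingUid,
            String targetPkg, int targetUserId,
            @RequiredContentUriPermission int requireContentUriPermissionFromCaller);

    /**
     * Extend a previously calculated set of permission grants to the given
     * owner. All security checks will have already been performed as part of
     * calculating {@link NeededUriGrants}.
     *
     * <p>Because this method is documented as unchecked, {@code needed} must be the value
     * returned by one of the {@code checkGrantUriPermissionFromIntent} overloads for the same
     * caller and target; passing a {@link NeededUriGrants} obtained any other way bypasses the
     * permission check entirely.
     */
    void grantUriPermissionUncheckedFromIntent(
            NeededUriGrants needed, UriPermissionOwner owner);

    /**
     * Creates a new stateful object to track uri permission grants. This is needed to maintain
     * state when managing grants via {@link UriGrantsManagerService#grantUriPermissionFromOwner},
     * {@link #revokeUriPermissionFromOwner}, etc.
     *
     * @param name A name for the object. This is only used for logcat/dumpsys logging, so there
     *             are no uniqueness or other requirements, but it is recommended to make the
     *             name sufficiently readable so that the relevant code area can be determined
     *             easily when this name shows up in a bug report.
     * @return An opaque owner token for tracking uri permission grants.
     * @see UriPermissionOwner
     * @see UriGrantsManagerService
     */
    IBinder newUriPermissionOwner(String name);

    /**
     * Remove any {@link UriPermission} granted <em>from</em> or <em>to</em> the
     * given package.
     *
     * @param packageName Package name to match, or {@code null} to apply to all
     *                    packages.
     * @param userHandle User to match, or {@link UserHandle#USER_ALL} to apply
     *                   to all users.
     * @param persistable If persistable grants should be removed.
     * @param targetOnly When {@code true}, only remove permissions where the app is the target,
     *                   not source.
     */
    void removeUriPermissionsForPackage(
            @Nullable String packageName, int userHandle, boolean persistable,
            boolean targetOnly);

    /**
     * Like {@link #revokeUriPermissionFromOwner(IBinder, Uri, int, int, String, int)} but applies
     * to all target packages and all target users.
     */
    void revokeUriPermissionFromOwner(@NonNull IBinder token, @Nullable Uri uri, int mode,
            int userId);

    /**
     * Remove any {@link UriPermission} associated with the owner whose values match the given
     * filtering parameters.
     *
     * @param token An opaque owner token as returned by {@link #newUriPermissionOwner(String)}.
     * @param uri The content uri for which the permission grant should be revoked. This uri
     *            must NOT contain an embedded userId; use
     *            {@link android.content.ContentProvider#getUriWithoutUserId(Uri)} if needed.
     *            This param may be {@code null} to revoke grants for all uris tracked by the
     *            provided owner token.
     * @param mode The modes (as a bitmask) to revoke. See
     *             {@link Intent#FLAG_GRANT_READ_URI_PERMISSION}, etc.
     * @param userId The userId in which the given uri is to be resolved. If the {@code uri}
     *               param is {@code null}, this param is ignored since permissions for all
     *               uris will be revoked.
     * @param targetPkg Target package name to match (app that received the grant), or
     *                  {@code null} to apply to all packages.
     * @param targetUserId Target user to match (userId of the app that received the grant), or
     *                     {@link UserHandle#USER_ALL} to apply to all users.
     */
    void revokeUriPermissionFromOwner(@NonNull IBinder token, @Nullable Uri uri, int mode,
            int userId, @Nullable String targetPkg, int targetUserId);

    /**
     * Checks grants held by {@code callingUid} against the authority of provider {@code cpi}.
     *
     * <p>NOTE(review): the exact matching rule, and what {@code checkUser} toggles, are not
     * documented on this interface; presumably it controls whether {@code userId} must match.
     * Confirm against the implementation before using the result as an access decision.
     */
    boolean checkAuthorityGrants(
            int callingUid, ProviderInfo cpi, int userId, boolean checkUser);

    /**
     * Writes debugging state to {@code pw}.
     *
     * <p>NOTE(review): {@code dumpAll} and {@code dumpPackage} presumably widen or filter the
     * output; their semantics, and whether {@code dumpPackage} may be {@code null}, are not
     * visible here.
     */
    void dump(PrintWriter pw, boolean dumpAll, String dumpPackage);
}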